Pro-Russian hacker group claims responsibility for DDoS attack on French postal service

The group known as Noname057 has been involved in numerous attacks across Europe.

A pro-Russian hacker group has come forward as the perpetrator of a DDoS attack on the French national postal service La Poste that took place on December 22, according to Reuters. The distributed denial-of-service attack took central computer systems at La Poste entirely offline and caused major disruptions in package deliveries just days before Christmas.

Reuters reported that the cyberattack on La Poste was still not fully resolved as of Wednesday morning. While regular letters were not affected, postal workers were unable to track packages, and online payments through La Banque Postale, the service’s banking division, were also disrupted.

The group, known as Noname057, has taken responsibility for or been accused of cyberattacks across the globe. Though attacks have occurred in over a dozen nations, the group has mostly targeted Ukraine as well as Ukraine-friendly nations.

Europol, the EU’s law enforcement agency, launched an extensive operation against the group this summer. The US Justice Department has also been involved in actions against the hacker group.

Hackers with links to China reportedly infiltrated a number of unnamed government and tech entities using advanced malware. As reported by Reuters, cybersecurity agencies from the US and Canada confirmed the attack, which used a backdoor known as “Brickstorm” to target organizations using the VMware vSphere cloud computing platform.

As detailed in a report published by the Canadian Centre for Cyber Security on December 4, PRC state-sponsored hackers maintained “long-term persistent access” to an unnamed victim’s internal network. After compromising the affected platform, the cybercriminals were able to steal credentials, manipulate sensitive files and create “rogue, hidden VMs” (virtual machines), effectively seizing control unnoticed. The attack could have begun as far back as April 2024 and lasted until at least September of this year.

 

The malware analysis report published by the Canadian Cyber Centre, with assistance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), cites eight different Brickstorm malware samples. It is not clear exactly how many organizations in total were either targeted or successfully penetrated.

In an email to Reuters, a spokesperson for VMware vSphere owner Broadcom said it was aware of the alleged hack, and encouraged its customers to download up-to-date security patches whenever possible. In September, the Google Threat Intelligence Group published its own report on Brickstorm, in which it urged organizations to “reevaluate their threat model for appliances and conduct hunt exercises” against specified threat actors.
